[Users] claws-mail hangs with server using openssl 1.0.1d

Hanno Böck hanno at hboeck.de
Thu Feb 7 13:48:20 CET 2013


Hi,

I have a kind of odd behaviour on claws-mail. Every server connection I
do causes it to hang forever. No matter if smtp or pop3 (I don't use
imap, but I assume it'd be the same).

Now my assumption: This happened the first time when I upgraded openssl
to the latest 1.0.1d on my server. This is the fix for the currently
hotly debated "Lucky Thirteen" vulnerability.
When I downgrade the server to 1.0.1c, it works again. The MTA is
courier.

The output of claws-mail --debug looks like this right before the hang:

[13:43:17] POP3< +OK Begin SSL/TLS negotiation now.
ssl.c:218:waiting for SSL_connect thread...
ssl.c:236:SSL_connect thread returned 0
ssl_certificate.c:389:got /home/hanno/.claws-mail/certs/zucker.schokokeks.org.110.cert first try
ssl_certificate.c:236:got cert! 0x2f4aa60
ssl_certificate.c:399:got cert 0x2f40e10
[13:43:17] POP3> USER hanno-ml


I assume this is some weird interaction with the CBC fixes deployed to
openssl that cause the havoc. As this doesn't happen with other
clients, I assume the problem lies in claws-mail. (though I'm not
certain of that, it may very well be also a problem in openssl or
courier, but I thought I'd ask here first as claws seems the most
likely cause)

(note that on the client I also upgraded to openssl 1.0.1d and it seems
not to have problems with that)

cu,
-- 
Hanno Böck		mail/jabber: hanno at hboeck.de
GPG: BBB51E42		http://www.hboeck.de/